BlackHat 2016 talk by @anders_fogh / @lavados - in hindsight you can see where this is going https://www.youtube.com/watch?v=Pwq0vv4X7m4
maybe it's just me, but the KASLR thing may have made it less appealing than it actually was. the core idea is much more interesting than a KASLR bypass: CPUs do unexpected things that can break security assumptions.
Yeah I basically tune out as soon as I hear "[K]ASLR bypass" because I take it as a given that ASLR is just a nuisance & impediment to skript kiddies.
Something is already wrong if you introduce entropy as a security feature.
Hardly. Consider key generation for a trivial counterexample. But the space of possible random values has to be huge (not ~10-28 bits like ASLR) and they can't leak.
Take actual encryption as an exception. But I consider non-deterministic memory layouts as a workaround for other issues.
Even if they were in a 256-bit memory space you couldn't brute force?
I think you could conceivably even implement memory-safety that way - huge sparse address space.
If the probability of guessing an address is less than the probability of guessing the ssh private key, is it meaningful to consider it nonzero?